Commit 112d272d authored by Sympa authors's avatar Sympa authors Committed by IKEDA Soji
Browse files

Updating NEWS.md

parent ef9d1403
# Change Log
## [6.2.36](https://github.com/sympa-community/sympa/tree/6.2.36)
[Full Changelog](https://github.com/sympa-community/sympa/compare/6.2.35b.1...6.2.36)
**Changes:**
- Scenarios `subscribe.*` and `unsubscribe.*`: Now authentication by target user is required when anonymous/other user requested these actions [\#390](https://github.com/sympa-community/sympa/pull/390). Previously, if "open" scenario was used, an anonymous user on web interface could add subscriber without confirmation.
- WWSympa: Home-made color picker in CSS configuration page was replaced with external plugin [jQuery MiniColors](https://labs.abeautifulsite.net/jquery-minicolors/) [\#369](https://github.com/sympa-community/sympa/pull/369).
- WWSympa: `referer` and `failure_refarer` parameters fed to login form (see [documentation](https://sympa-community.github.io/manual/customize/authentication-web.html#sharing-wwsympas-authentication-with-other-applications) for details) are limited within scope of `cookie_domain` to prevent XSS / open redirect [\#268](https://github.com/sympa-community/sympa/issues/268).
- Default value of `--with-lockdir` option for `configure` script became `/var/lock/subsys` not according to `localstatedir` [\#403](https://github.com/sympa-community/sympa/pull/403).
- Some Systemd unit files generated by source package were renamed: `wwsympa.service` and `sympasoap.service` [\#406](https://github.com/sympa-community/sympa/pull/406).
**Implemented enhancements:**
- Update startup scripts [\#406](https://github.com/sympa-community/sympa/pull/406) ([ikedas](https://github.com/ikedas))
- Domain without available wwsympa\_url parameter should deny web access [\#405](https://github.com/sympa-community/sympa/pull/405) ([ikedas](https://github.com/ikedas))
- Let the default of `--with-lockdir` be `/var/lock/subsys` always [\#403](https://github.com/sympa-community/sympa/pull/403) ([ikedas](https://github.com/ikedas))
**Fixed bugs:**
- DKIM per-list options not saved [\#412](https://github.com/sympa-community/sympa/issues/412)
- Merge\_feature active and attached file with special characters [\#409](https://github.com/sympa-community/sympa/issues/409)
- Error in the name of a function in wwsympa.fcgi [\#404](https://github.com/sympa-community/sympa/issues/404)
- Internal Server Error: Can't locate object method "\_marshal\_format" in Spool.pm \(71\) [\#401](https://github.com/sympa-community/sympa/issues/401)
- Rename a list takes incredible time [\#368](https://github.com/sympa-community/sympa/issues/368)
- Avoid "subscribe spam" [\#302](https://github.com/sympa-community/sympa/issues/302)
- XSS and open redirect on login form, CVE-2018-1000671 [\#268](https://github.com/sympa-community/sympa/issues/268)
- Update startup scripts [\#406](https://github.com/sympa-community/sympa/pull/406) ([ikedas](https://github.com/ikedas))
**Closed issues:**
- Issues with sending mails using special French characters [\#178](https://github.com/sympa-community/sympa/issues/178)
## [6.2.35b.1](https://github.com/sympa-community/sympa/tree/6.2.35b.1) (2018-08-26)
[Full Changelog](https://github.com/sympa-community/sympa/compare/6.2.34...6.2.35b.1)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment